Privacy Policy
Last updated: 10 May 2018
Privacy Policy
General
South Square is a set of practicing commercial law barristers. Our website (https://southsquare.com/) is owned and operated by Chambertin Services Unlimited, a service company supporting members of South Square.
Chambertin Services Unlimited are committed to protecting the privacy of users of our website, our clients and the privacy of other individuals whose personal data we collect and use. Please read this privacy policy as it will help you to understand how we use your personal data and how you can tell us if you would prefer us not to use your personal data, or to limit its use.
Who we are
We are Chambertin Services Unlimited, an unlimited company registered in England and Wales under number 02360982 with registered office address at 7th Floor, Dashwood House, 69 Old Broad Street, London, EC2M 1QS (“South Square”).
In respect of our website and any mobile sites, we are the data controller of any personal data you provide to us and are subject to applicable data protection laws.
In respect of data received in relation to client engagements (“client data”), the controllers are:
- the individual member(s) of South Square who is (are) responsible for the provision of the legal services required to fulfil your instructions (“Members”) and any pupil barristers working with such Members (“Pupils”), in respect of client data received in relation to instructions provided to Members.
- South Square, in respect of client data received in relation to client engagements, other than for the provision of legal services.
In most cases, Members and Pupils will be independent data controllers. In some circumstances, in respect of personal data relevant to a particular matter when acting on the instructions of a solicitor, Members and Pupils may be:
- joint data controllers with the instructing solicitors; or
- data processors on behalf of the instructing solicitors.
Please note that the way in which your data will be processed will be in accordance with this policy and only for the purposes set out in the engagement letter with you.
Members and Pupils act as a data controller in relation to the processing of client data as set out in this statement. However, in some circumstances where Members and Pupils process personal data on behalf of the relevant instructing solicitor, they may be data processors for the purposes of data protection laws.
For the purposes of data protection laws:
- South Square is registered as data controller with the Information Commissioner’s Office (“ICO”) with registration number Z8439830.
- Each individual Member is registered as data controller with the ICO.
- Pupils are registered as data controllers when they commence pupillage.
References in this document to “South Square”, “we”, “our”, and “us”, are references to South Square, to Members and to Pupils as applicable.
How to contact us
If you have any questions about this Policy or any personal data which we hold about you, or if you wish to exercise any of your rights as described in this Policy or under applicable data protection laws, please contact our Privacy Officer, (The Chambers Director):
(a) by email at enquiries@southsquare.com;
(b) by telephone on +44 (0)20 7696 9900; or
(c) by post at South Square, 3-4 South Square, Gray’s Inn, London WC1R 5HP.
References in this Policy to “South Square”, “we”, “our” and “us” are references to (as applicable) South Square, Members and Pupils.
Data protection principles
Anyone processing personal data must comply with the principles of processing personal data as follows:
- Lawfulness, fairness and transparency – data must be processed lawfully, fairly and in a transparent manner.
- Purpose limitation – data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Data minimization – data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Accuracy – data must be accurate and, where necessary, kept up to date.
- Storage limitation – data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
- Integrity and confidentiality – data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage by using appropriate technical or organisational measures.
This privacy policy describes the personal data that we collect, and explains how we comply with these principles.
What personal data do we collect?
You may choose to provide us with personal data about yourself by corresponding with us through any form on our website, by phone, email, or otherwise. When you correspond with us we collect your contact details and other details which you may provide to us. This information will only be used in respect of the event or service to which your email relates.
The personal data we collect from you will depend on your role. For example, whether you are a client of a barrister practicing at South Square, an employee of a client of South Square, or a user of or a professional adviser to a client of South Square.
In the course of providing legal services to our clients we collect the personal information as necessary to enable us to carry out your instructions and to manage and operate our business, and to comply with our legal and regulatory obligations.
The personal information that we may collect includes, but is not limited to, the following:
- your name;
- home and business address;
- contact details (such as telephone numbers and email address);
- date of birth;
- gender;
- marital status;
- copies of passport, national identity card, driving licence, utility bills, bank statements and similar documents;
- immigration status and work permits;
- other personal information contained in correspondence and documents which you may provide to us;
- information we obtain from our IT and communications monitoring; and
- other personal data about our clients and individuals involved in transactions and business with them.
When a client enters into an agreement with us to use any service, we send an instruction letter acknowledging receipt of instruction papers and confirming the individual responsible for provision of the required legal services. That letter contains further details about how we will process the data we have received.
You confirm that you are authorised to provide to us the personal information which we shall process on your behalf.
Where the personal information relates to your directors, shareholders, beneficial owners, employees, agents, associates or family members it is not reasonably practicable for us to provide to them the information set out in this Policy. Accordingly, where appropriate, you are responsible for providing this information to any such person.
We automatically collect data about users of our website by using cookies. This data allows us to recognise users and their preferred settings and avoids users having to re-enter information when they visit our website in the future. Please see our Cookie Policy below for more information about the cookies we use.
We may also automatically collect, store and use information about your visits to our website and about your computer, tablet, mobile or other device through which you access our website. This includes the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and geographical location; and
- information about your visit and use of our website, including the full Uniform Resource Locators (URL), clickstream to, through and from our website (including date and time), pages you viewed and searched for, page response times, download errors, and length of visits to certain pages, referral source/exit pages, page interaction information (such as scrolling, clicks and mouse-overs), and website navigation and search terms used.
What do we do with your personal data?
Your personal data will be used by us in order to:
- provide legal services to you and carry out our obligations arising from any contracts entered into between you and us;
- provide you with the information, products and services that you request from us;
- provide you with information about other goods and services we offer that are similar to those that you have already enquired about or engaged us to provide to you.
Where it is in our legitimate interest to do so, your personal data will be used by us in order to:
- provide you with information about news, publications, and seminars which we think will be of interest to you;
- carry out research about our users’ and clients’ demographics, interests and behaviour so that we can better understand our users, clients and potential clients;
- administer our website including troubleshooting, data analysis, testing, research, statistical and survey purposes, to monitor the use of our website, and to record traffic flows to our website;
- notify you about changes to our service;
- ensure that content from the website is presented in the most effective manner for you and your computer, tablet, mobile or other device through which you access our website;
- for other purposes set out in our Cookie Policy (see below).
In addition, if any of the personal data which you provide to us is a special category of personal data (being personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation), by providing that data to us you are giving explicit consent to us collecting and using that sensitive personal data in accordance with this privacy policy. Alternatively, we may process such personal data without your consent where processing is necessary for the establishment, exercise or defence of legal claims.
Where you are an individual, we will not send you marketing information by email without your consent.
Where our processing is based on consent, you can withdraw your consent at any time, but without affecting the lawfulness of processing based on consent before its withdrawal. You can update your details or change your privacy preferences at any time by contacting us as given in “How to contact us” above or you can also click on the ‘unsubscribe’ button at the bottom of the email.
We may also use aggregate information and statistics for the purpose of monitoring website usage in order to help us develop our website and our services. These statistics will not include information that can be used to identify any individual.
Data relating to criminal convictions and offences
We may also collect and store personal data relating to criminal convictions and offences (including the alleged commission of offences).
This data is only processed where it is necessary for the purposes of:
- the prevention or detection of an unlawful act and is necessary for reasons of substantial public interest;
- providing or obtaining legal advice; or
- establishing, exercising or defending legal rights.
Email monitoring
Email which you send to us or which we send to you may be monitored by us to ensure compliance with regulatory or self-regulatory practices or procedures. Monitoring is not continuous or routine, but may be undertaken where there are legitimate grounds for doing so.
International transfers
Your personal data may be transferred, stored, and processed, outside of the European Economic Area. Regardless of where your personal data is transferred, we shall ensure that your personal data is safe and shall take all steps reasonably necessary to put in place appropriate safeguards to ensure that your personal data is treated securely and in accordance with this privacy policy and applicable law. Details regarding these safeguards can be obtained by contacting us as given in “How to contact us” above.
To whom might we disclose your personal data
We will not sell or disclose your personal data to anyone outside South Square except as set out below.
We may provide your personal data to third parties that we engage to provide services to us. Some of these third parties may be located outside the EEA. If we use a third party to process your personal data, we will require that third party to process your data only in accordance with our instructions and to protect your personal data as regards confidentiality and as against unauthorised or accidental use, access, disclosure, damage, loss or destruction.
We may disclose your personal data to third parties with your consent or, where your personal data was provided to us by your employer, your employer’s consent provided that your employer has in turn obtained your consent.
We may also disclose your personal data to third parties where there is a legitimate reason to do so including for the following reasons:
- to an auditor or legal adviser of South Square;
- to a court, tribunal or regulator;
- to comply with any law, order, rule of court, regulation or rule or code of professional conduct;
- to the police, any law enforcement agency or other person, as South Square thinks appropriate, to assist in the identification and location of anyone who may have committed an unlawful or illegal act;
- in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; or
- if all or substantially all of our assets are acquired by a third party, in which case personal data held by it may be one of the transferred assets;
- to third parties with whom South Square engages for the hosting of events or other marketing initiatives.
Our information technology systems are operated by South Square but some data processing is carried out on our behalf by a third party. Details regarding these third party data processors can be obtained from our Privacy Officer whose details are given above.
In respect of client data and if we are working with other professional advisers in relation to any matter handled by us on your behalf then, unless you instruct us otherwise, we shall assume that we may disclose your information to them.
We may disclose and share personal information:
- with our Members, Pupils, staff and consultants;
- to other professional advisers and third parties in accordance with your instructions;
- to our professional indemnity insurers or brokers, auditors, lawyers and compliance or risk managers;
- if we, acting in good faith, consider disclosure to be required by law or the rules of any applicable governmental, regulatory or professional body.
Your rights
Access to your information and updating your information
You have the right to request a copy of the personal data which we hold about you. If you so request, we shall provide you with a copy of your personal data which we are processing (“subject access request”).
You also have the right to receive your personal data in a structured and commonly used format so that it can be transferred to another data controller (“data portability”).
We would like to keep your personal data accurate and up to date. You may ask us to correct or remove personal data you think is inaccurate.
Right to object
You have the right at any time to object to our processing of your personal data for direct marketing purposes.
Where we process your information based on our legitimate interests
You also have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on our legitimate interests. Where you object on this ground, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Your other rights
You also have the following rights under data protection laws to request that we rectify your personal data which is inaccurate or incomplete.
In certain circumstances, you have the right to:
- request the erasure of your personal data (“right to be forgotten”);
- restrict the processing of your personal data to processing to which you have given your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of others.
Please note that the above rights are not absolute, and we may be entitled to refuse requests, wholly or partly, where exceptions under applicable law apply.
Exercising your rights
You can exercise any of your rights as described in this privacy policy and under data protection laws by contacting us as given in “How to contact us” above.
Save as provided under applicable data protection laws, there is no charge for the exercise of your legal rights. However, if your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either: (a) charge a reasonable fee (subject to any limits imposed by applicable law) taking into account the administrative costs of providing the information or taking the action requested; or (b) refuse to act on the request.
Where we have reasonable doubts concerning the identity of the person making the request, we may request additional information necessary to confirm your identity.
Links to other websites
This privacy policy applies only to South Square’s website. Our website may contain links to websites operated by others. These other websites may collect and use personal data in a way which is different from the way in which we collect and use personal data. When you visit a website operated by someone else, you should read its privacy policy (so far as one is available). We do not accept any responsibility or liability for the way in which the operators collect and use your personal data through such other websites.
Security
We store your personal data in hard copy and in electronic format.
We store your information in hard copy and in electronic format. We use industry standard technical and organisational measures to protect information from the point of collection to the point of destruction. For example:
- Hard copy information files are restricted to authorised individuals.
- We use, as appropriate, encryption, firewalls, access controls, policies and other procedures to protect information from unauthorised access.
- Where appropriate, we use pseudonymisation and / or encryption to protect your information.
- We will only transfer personal data to a third party if it agrees to comply with those procedures and policies, or if it puts in place adequate measures itself.
Unfortunately, the transmission of information via the internet is not completely secure. We cannot guarantee the security of your data transmitted via the internet; any transmission is at your own risk. However, once we have received your personal data, we take steps to ensure that it is treated securely and in accordance with this privacy policy.
Where data processing is carried out on our behalf by a third party, we will endeavour to ensure that appropriate security measures are in place including to prevent unauthorised disclosure of your personal data.
How long we keep your personal data
Personal data received by us will only be retained for as long as necessary to (i) fulfil the purposes described in this privacy policy, (ii) to fulfil our engagement with you, or (iii) for the maximum period of time as necessary and permitted for legal, regulatory, fraud and other financial crime prevention and legitimate business purposes, after which time it will be destroyed in a secure manner.
Complaints
You should address your complaints to our Privacy Officer whose details are set out above.
In addition, you have the right to complain to the Information Commissioner’s Office (https://ico.org.uk/) about our data processing activities in relation to your personal information if you think they infringe applicable data protection laws (ICO helpline on 0303 123 1113).Cookies Policy
What are cookies?
Cookies are small amounts of data which often includes a unique identifier that is sent to your computer, tablet, mobile or other device (your “device”) from a website and is stored on your device’s browser or hard drive. They are used by almost every website to improve your online experience. We use cookies to give you access to certain parts of our website and to let us know how you are using our website.
Consent to our use of Cookies
The law allows us to freely store cookies on your computer if they are essential to the operation of our website. However, we need your consent to set non-essential cookies on your computer. By continuing to use our website you are consenting to our setting cookies and using the data collected by them for the purposes set out in this cookie policy.
Declining Cookies
Some of the cookies we use are essential for our website. If you decline them, some of the features of our website may not work as well as we intend and you may not be able to access or use some features or services.
Unless you have set your browser so that it will decline cookies, our system will set some cookies as soon you visit our website. You can block cookies by setting your browser to refuse all or some cookies or to alert you to when a cookie is being sent. For information about this you should look in your browser’s ‘help’ facility.
If you have previously browsed or used our website and no longer wish to accept cookies, you should be aware that some cookies will have been set. You may delete these cookies at any time by following these instructions.
More information about how to manage cookies for all the commonly used internet browsers can be found by visiting www.allaboutcookies.org.
Cookies we use
Google Analytics: Our website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses cookies to gather anonymous analytical information about the users of our website to help us to understand better usage patterns. We typically use Google Analytics for this purpose.
The information generated by the Google Analytics cookie about your use of our website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google use this information for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services relating to website activity and internet usage.
Google may also transfer this information to third parties where required to do so by law, or where third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
Contact
If you have any queries about our use of cookies on our website please contact: enquiries@southsquare.com.
Changes to this Privacy and Cookies policy
We keep this policy under regular review and may change it at any time. We shall place notice of any amendments on our website. The updated policy will appear on this webpage. You should check it each time you visit our website or provide us with any personal data.
'An unrivalled collection of the best talents currently at the Bar.'LEGAL 500